Solved

What does this R0 line mean? / HijackThis Log

Posted on 2011-02-27
Last Modified: 2013-12-06
Hi Friends

I have also found this R0 line on a HijackThis Log from a customer.
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

I know this is for Internet Explorer's starting page and search assistant. But what does this line mean exactly? Where can I find more information about this line? Why is nothing behind the = ? I have also found some logs with Obfuscated. Is this Spyware? Because I have read this is a sign of spyware and difficult to remove such an infection.

Thank you very much
Question by:awawada
 
LVL 22

Assisted Solution

by:optoma
optoma earned 125 total points
ID: 34991399
Hi.
Some info regarding HJT
http://www.bleepingcomputer.com/tutorials/tutorial42.html#RDiag

That line is ok to the best of my knowledge :)

Upload the log to Hijackthis.de to be analyzed and there is an info button beside each line.
http://www.hijackthis.de/


>Apart from that, machine behaving ok?
0
 
LVL 4

Expert Comment

by:FastSi
ID: 34991407
"HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =" with nothing after it, I assume it means your browser is not starting with any addon toolbars. I get the same result with nothing after = when I do a scan, and mine's clean.

not sure about the Obfuscated
0
 
LVL 4

Assisted Solution

by:FastSi
FastSi earned 125 total points
ID: 34991423
Hijack this is by trendmicro so could also post on http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware
0

 
LVL 18

Author Comment

by:awawada
ID: 34991468
@optoma
Hi optoma

after a long time. hope you are fine?
I know this tutorial, it's pretty good, but I don't find much info about:
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

@FastSi
good idea with http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware .
Are you sure this has something to do with addon toolbars? Has this nothing to do with Internet Explorer Links folder with the Favorites?
0
 
LVL 35

Accepted Solution

by:
torimar earned 250 total points
ID: 34991918
If you launch IE, and go to the Favorites menu, you will see a folder called "Links" in that menu. If you delete it, it will be recreated automatically.

That is what the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName

controls. If "LinksFolderName=Links" the folder will be recreated, if "LinksFolderName=" it will not be recreated.
This is a popular registry tweak: http://www.pctools.com/guides/registry/detail/550/

"LinksFolderName=Links" is the default entry; as long as it is active, HJT does not include the key in its scan report. Once it is changed, HJT will report this.

You could easily let HJT fix the issue, but that may not be in the interest of your client if he/she intentionally applied this reg tweak.
0
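
The accepted answer's reading of the line, as an added example that is not part of the original thread: a small Python parser for R-section log lines that applies that rule to `LinksFolderName` and sets aside anything marked obfuscated for manual review. The sample log lines are constructed, and the trailing "(obfuscated)" marker format is an assumption.

```python
import re

# R-section line shape: "R0 - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\([^,]+),([^=]+?)\s*=\s*(.*)$")
LINKS_KEY = r"software\microsoft\internet explorer\toolbar"


def parse_r_line(line):
    """Return the parts of one R-section line as a dict, or None for other lines."""
    m = R_LINE.match(line.strip())
    if not m:
        return None
    section, hive, key, name, data = m.groups()
    # Assumption: obfuscated data is marked with a trailing "(obfuscated)".
    obfuscated = data.lower().endswith("(obfuscated)")
    if obfuscated:
        data = data[: -len("(obfuscated)")].rstrip()
    return {"section": section, "hive": hive, "key": key, "name": name,
            "data": data, "obfuscated": obfuscated}


def triage(entry):
    """Give a short triage note for a parsed entry."""
    if entry["obfuscated"]:
        return "obfuscated data: review by hand"
    if entry["key"].lower() == LINKS_KEY and entry["name"].lower() == "linksfoldername":
        if entry["data"] == "":
            return "Links folder tweak: folder is not recreated"
        if entry["data"] == "Links":
            return "default value"
        return "non-default value %r" % entry["data"]
    return "not covered here: review by hand"


def triage_log(text):
    """Parse every R-section line in a log and pair its value name with a note."""
    entries = (parse_r_line(line) for line in text.splitlines())
    return [(e["name"], triage(e)) for e in entries if e]


# Constructed sample lines (not taken from a real log).
SAMPLE_LOG = r"""Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example/?q=a (obfuscated)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

if __name__ == "__main__":
    for name, note in triage_log(SAMPLE_LOG):
        print(name, "->", note)
```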
 
LVL 22

Expert Comment

by:optoma
ID: 34992197
Hi Awawada.
Been a while. All is fine, thankfully as ever! :)


0
 
LVL 18

Author Closing Comment

by:awawada
ID: 34993110
Thanks Friends!
0


Question has a verified solution.
